Fix security issue

author: simonbrandhof <simon.brandhof@gmail.com> 2011-05-16 23:38:43 +0200
committer: simonbrandhof <simon.brandhof@gmail.com> 2011-05-16 23:38:43 +0200
commit: d98bbf6586ca6100be896bb0f4db6ae0c4b859b3 (patch)
tree: 0d0f71236f82168abc79cec10cf8a0cbe6ae2ba2
parent: 42c733568534132daed7c185905a8f428f058dde (diff)
download: sonarqube-d98bbf6586ca6100be896bb0f4db6ae0c4b859b3.tar.gz
sonarqube-d98bbf6586ca6100be896bb0f4db6ae0c4b859b3.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb
index e7f95603788..854c5f746db 100644
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/settings_controller.rb
@@ -32,6 +32,8 @@ class SettingsController < ApplicationController
       project=Project.by_key(params[:resource_id])
       return access_denied unless is_admin?(project)
       resource_id=project.id
+    else
+      return access_denied unless is_admin?
     end
 
     plugins = java_facade.getPluginsMetadata()
author	simonbrandhof <simon.brandhof@gmail.com>	2011-05-16 23:38:43 +0200
committer	simonbrandhof <simon.brandhof@gmail.com>	2011-05-16 23:38:43 +0200
commit	d98bbf6586ca6100be896bb0f4db6ae0c4b859b3 (patch)
tree	0d0f71236f82168abc79cec10cf8a0cbe6ae2ba2
parent	42c733568534132daed7c185905a8f428f058dde (diff)
download	sonarqube-d98bbf6586ca6100be896bb0f4db6ae0c4b859b3.tar.gz sonarqube-d98bbf6586ca6100be896bb0f4db6ae0c4b859b3.zip